package oceanwiki.config.xss;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
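/**
 * Servlet filter mapped to every request that hands the rest of the chain an
 * {@link XssHttpServletRequestWrapper} instead of the raw request.
 *
 * <p>The wrapper's implementation is not part of this file; presumably it
 * escapes or strips markup from request parameters (confirm against
 * {@code XssHttpServletRequestWrapper}).
 *
 * <p>Requests whose path is listed in {@link #noFilterUrls} are forwarded
 * unwrapped. Those endpoints receive the original parameter values, so the
 * handlers behind them need their own HTML sanitization or output encoding.
 */
@WebFilter(urlPatterns = "/*") // apply to every request
public class XssFilter implements Filter {
    /**
     * Paths exempt from wrapping, relative to the context root. A leading
     * slash is optional; entries are compared for exact equality only.
     */
    String[] noFilterUrls = new String[]{"doc/save"};

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        Filter.super.init(filterConfig);
    }

    /**
     * Forwards the request down the chain exactly once: unwrapped when the
     * path is exempt, wrapped in {@link XssHttpServletRequestWrapper} otherwise.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse response passed through unchanged
     * @param filterChain     remaining filters and the target servlet
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;

        if (isExempt(request)) {
            filterChain.doFilter(servletRequest, servletResponse);
            // Stop here: without this return the chain ran a second time with
            // the wrapped request, invoking the target servlet twice.
            return;
        }

        filterChain.doFilter(new XssHttpServletRequestWrapper(request), servletResponse);
    }

    /**
     * Reports whether the request path matches an entry of {@link #noFilterUrls}.
     *
     * <p>{@code getRequestURI()} starts with the context path and a slash, so a
     * bare entry such as {@code doc/save} can never equal it. The context path
     * is removed and the entry is given a leading slash before comparing.
     * The URI is compared as sent (not URL-decoded) and must match exactly, so
     * encoded, suffixed or path-parameter variants are not exempt and still go
     * through the wrapper.
     */
    private boolean isExempt(HttpServletRequest request) {
        String uri = request.getRequestURI();
        if (uri == null) {
            return false;
        }
        String contextPath = request.getContextPath();
        String path = uri;
        if (contextPath != null && !contextPath.isEmpty() && uri.startsWith(contextPath)) {
            path = uri.substring(contextPath.length());
        }
        for (String noFilterUrl : noFilterUrls) {
            String expected = noFilterUrl.startsWith("/") ? noFilterUrl : "/" + noFilterUrl;
            if (expected.equals(path)) { // match: this is the document save endpoint
                return true;
            }
        }
        return false;
    }

    @Override
    public void destroy() {
        Filter.super.destroy();
    }
}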
